CompTIA Security+ Practice Test (SY0-701)
Use the form below to configure your CompTIA Security+ Practice Test (SY0-701). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.
CompTIA Security+ SY0-701 (V7) Information
CompTIA Security+ Certification Exam Overview
The CompTIA Security+ certification is a vendor-neutral credential that validates foundational security skills and knowledge. The current version of the exam is SY0-701. The SY0-701 exam is a computer-based test that consists of up to 90 questions, with a duration of 90 minutes. Candidates must achieve a minimum passing score of 750 points on a scale of 100-900.
Question Types on the Security+ Exam
The Security+ exam includes two primary types of questions:
- Multiple-Choice/Multiple-Selection Questions: These questions require candidates to select one or more correct answers from a list of options.
- Performance-Based Questions (PBQs): These questions involve solving problems in a simulated IT environment, such as command prompt or networking environments. PBQs are also featured in other CompTIA exams, like A+ and Network+.
Exam Prerequisites
CompTIA does not enforce any prerequisites for the Security+ exam. However, it is recommended that candidates have the CompTIA Network+ certification and at least two years of experience in IT administration with a focus on security. Additionally, CompTIA suggests that candidates be at least 13 years old.
Security+ Exam Domains
The SY0-701 exam focuses on five primary domains:
- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)
These domains are detailed in the exam objectives, which outline the scope of the test, including domain weighting, test objectives, and example topics.
Exam Renewal Policy
The Security+ certification, along with other CompTIA certifications, must be renewed every three years. The bridge exam scheme was retired on December 31, 2010. Post-January 1, 2011, all new certifications are valid for three years from the date of certification. Renewal can be achieved by passing the latest version of the exam or through the Continuing Education (CE) program. This program allows candidates to keep their skills current through various activities that demonstrate industry knowledge.
Testing Centers
CompTIA exams, including Security+, are available exclusively through Pearson VUE testing centers since July 9, 2012. Exams can be scheduled online, by phone, or at the testing center. Candidates can choose between in-person exams at Pearson VUE centers or online testing.
The CompTIA Security+ certification ensures that IT professionals possess the essential security skills and knowledge required to protect and manage today's increasingly complex IT environments.
More reading:
Free CompTIA Security+ SY0-701 (V7) Practice Test
- 20 Questions
- Unlimited
- General Security ConceptsThreats, Vulnerabilities, and MitigationsSecurity ArchitectureSecurity OperationsSecurity Program Management and Oversight
During a period of international expansion, a company must revise its security governance documentation to ensure ongoing compliance with various regional laws and adherence to best practices. Which type of governance document is most critical to update and maintain to address these requirements?
Policies for the Use of Technology Resources
Disaster Recovery Plans
Business Continuity Documentation
Information Security Policies
Answer Description
While all listed documents play pivotal roles in a comprehensive security governance framework, Information Security Policies are crucial to defining the overall security strategy, essential for compliance with various regional, national, and global laws, and setting forth the rules and guidelines specific to the protection of the company's information assets. Updating the Information Security Policies will provide a foundation for the company's global security posture, ensuring that all other documents and practices align with these high-level policies and meet the regulatory requirements of each region in which the company operates.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Information Security Policies?
Why are Information Security Policies important for international compliance?
How do Information Security Policies relate to other governance documents like Disaster Recovery Plans?
A healthcare organization relies on a third-party service provider to manage its electronic health records (EHR) system. Recently, the service provider experienced a security breach, potentially exposing sensitive patient information. What type of vulnerability does this scenario best illustrate?
Zero-day
Supply Chain
Misconfiguration
Insider Threat
Answer Description
The correct answer is Supply Chain. This scenario highlights the vulnerability that arises from dependence on a third-party service provider, which is a key component of the supply chain. An Insider Threat involves risks from within the organization, Zero-day refers to previously unknown vulnerabilities, and Misconfiguration pertains to incorrect setup of systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a supply chain vulnerability in cybersecurity?
How can organizations mitigate supply chain vulnerabilities?
What is the difference between a supply chain vulnerability and an insider threat?
A system administrator is about to perform a major software upgrade on a critical virtual server. The administrator needs a way to quickly revert the server to its exact pre-upgrade state if any issues arise. Which of the following backup methods would be the MOST efficient for this purpose?
Run a differential backup job.
Perform a full backup to tape.
Take a snapshot of the virtual server.
Enable replication to a warm site.
Answer Description
A snapshot is the most efficient method because it captures the entire state of a virtual machine at a specific point in time and is designed for rapid reversion. A full backup would work but restoring it would be significantly slower. Differential backups are also slower to restore as they require the last full backup as well. Replication to a warm site is a disaster recovery strategy for site-level failures, not for reverting a single server's configuration change.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a virtual machine snapshot, and how does it work?
How is a snapshot different from a full backup?
What is replication to a warm site, and when is it used?
Which of the following statements BEST explains why a network firewall alone cannot provide the same level of protection as encryption for data stored on a network file server?
A firewall enforces access rules for network traffic, but only encryption renders the stored data unreadable to unauthorized users, so both controls are required to protect data at rest.
Neither firewalls nor encryption protect data at rest; only physical security controls such as locks and guards can do so.
A properly configured firewall automatically encrypts any files transmitted or stored behind it, eliminating the need for separate data-at-rest encryption.
Encryption secures data moving across the network, whereas a firewall secures all data that resides on the server's drives.
Answer Description
A firewall filters or blocks network traffic according to predefined rules, helping to prevent unauthorized access over the network. It does not transform the actual data on the server. If an attacker bypasses the firewall-through stolen credentials, an insider threat, or physical access-the files remain readable unless they are encrypted. Encrypting the disk, volume, or files converts them into ciphertext that is unintelligible without the decryption key, preserving confidentiality even if the storage media is stolen or the system is compromised. Therefore, encryption-not the firewall-provides protection for data at rest.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why doesn't a firewall encrypt data?
What is 'data at rest,' and how does encryption protect it?
How might an attacker bypass a firewall, and why does encryption matter in that situation?
In a highly secure network environment with strict throughput requirements, which device attribute would MOST likely be preferred when implementing a security control intended to scrutinize traffic without causing significant latency?
An active security device configured to make real-time decisions
A tap/monitor setup that passively observes traffic
A security device configured to fail-open to reduce latency
An inline security device configured to interact with traffic
Answer Description
A tap/monitor setup is preferred in scenarios where monitoring is essential, but it is crucial not to introduce latency or a single point of failure within the network traffic flow. An inline device would actively interact with traffic, potentially introducing latency, which is undesirable in strict throughput environments. Active devices are designed to intervene and could affect performance, whereas fail-open implies a state during failure, which is not relevant to the operational performance during normal conditions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a tap/monitor setup in a network?
Why does an inline security device cause latency?
What is the difference between 'fail-open' and 'fail-closed' security devices?
Your company’s network is configured to always check authentication/authorization each time a user tries to access data. The company is using which security model?
Extranet
Intranet
Zero trust
VLAN
Answer Description
The zero trust security model works on the basis of “never trust, always verify.” Devices and users on the network are always required to be authenticated even if they were previously.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'Zero Trust' mean in cybersecurity?
How does Zero Trust differ from traditional network security?
What technologies are used to implement Zero Trust?
A financial services company is updating its business continuity plan. For its critical online transaction processing system, the management team has determined that the system can be unavailable for a maximum of one hour before causing unacceptable business disruption and financial loss. Which business continuity metric does this one-hour time limit represent?
Recovery Point Objective (RPO)
Recovery Time Objective (RTO)
Mean Time to Detect (MTTD)
Mean Time to Repair (MTTR)
Answer Description
Recovery Time Objective (RTO) is the target time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences. In this scenario, the one-hour maximum acceptable downtime is the RTO.
Recovery Point Objective (RPO) is a different metric that defines the maximum acceptable amount of data loss, measured in time (e.g., "we can afford to lose up to 15 minutes of data").
Mean Time to Repair (MTTR) is a reliability metric representing the average time required to repair a failed component or device. Unlike RTO, which is a future-facing target for a specific process, MTTR is a historical average of repair times.
Mean Time to Detect (MTTD) is the average time it takes to discover that an incident has occurred.
Recovery Time Actual (RTA) is the real time it takes to complete a recovery, which is measured during a test or actual incident and compared against the RTO.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is RTO important for businesses?
What is the difference between RTO and MTTR?
How do businesses determine the RTO for a system or process?
A security architect is creating a resilience plan for a new hybrid cloud deployment. The architect has noted that ensuring patch availability from all third-party vendors is a critical consideration. What is the primary security-related justification for this emphasis on patch availability?
To enhance the graphical user interface
To ensure compatibility with legacy systems
To increase the system's processing speed
To fix security vulnerabilities and bugs
Answer Description
Patch availability is important because patches are released to fix security vulnerabilities and bugs in software, improving the security posture of the system. According to CISA, attackers may target vulnerabilities for months or even years after updates are available, so installing patches as soon as possible is critical. Without timely patch deployment, systems can remain susceptible to exploits and attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a patch in software security?
Why are unpatched vulnerabilities risky for enterprises?
How do enterprises manage patch deployment efficiently?
A company is upgrading its authentication system by adding a biometric factor to its existing password policy. The security team's primary concern is preventing authentication bypass using simple spoofing methods, such as high-resolution photographs or voice recordings. Which of the following solutions BEST addresses this specific concern while being a widely adopted and mature technology?
Installing key fob devices
Implementing fingerprint scanning
Using facial recognition technology
Setting up voice recognition systems
Answer Description
Fingerprint scanning is the best solution in this scenario. It is a mature biometric technology that is not susceptible to spoofing from photographs or voice recordings, directly addressing the company's primary concern. While some facial recognition systems can be spoofed with high-quality images, advanced versions include liveness detection to prevent this. Voice recognition is particularly susceptible to being bypassed with recordings. A key fob is a possession-based factor ("something you have"), not a biometric factor ("something you are"), so it does not meet the requirement for a biometric method.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is fingerprint scanning considered more secure than other biometric methods?
What makes biometric authentication more secure compared to traditional passwords?
How does biometric authentication work in enhancing multifactor authentication (MFA)?
A security analyst is reviewing the company's disaster recovery plan (DRP). The analyst notes that the DRP focuses heavily on restoring critical business functions but lacks a comprehensive inventory of IT hardware, software, and data assets. Which of the following BEST describes the risk associated with this omission?
Recovery will be faster as teams can focus on broad functions rather than being slowed down by the details of specific assets.
Recovery efforts may be delayed and incomplete because there is no detailed inventory to guide prioritization and restoration.
The DRP's effectiveness is not impacted, as the primary goal of restoring business functions makes a specific asset inventory redundant.
The lack of an inventory primarily represents a financial risk for insurance claims but does not affect the technical recovery process.
Answer Description
A detailed and current asset inventory is a foundational component of an effective disaster recovery plan. Without it, an organization cannot accurately prioritize which systems to restore first, understand dependencies between assets, or ensure that all necessary components are recovered. This leads to inefficient and delayed recovery efforts, potentially preventing the organization from meeting its Recovery Time Objectives (RTOs). The inventory is essential for knowing what needs to be restored to bring critical business functions back online.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Disaster Recovery Plan (DRP)?
What is the importance of an asset inventory in a DRP?
What are Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)?
Which identity and access management solution creates a single point of failure whereby compromising one set of user credentials could let an attacker access every connected application the user is authorized for?
Single sign-on (SSO) service
Network segmentation using VLANs
IPSec virtual private network (VPN) tunnel
Discretionary access control (DAC) model
Answer Description
Single sign-on (SSO) relies on a centralized identity provider. After the initial logon, the provider issues tokens that all integrated applications accept, so one compromised credential can unlock everything the user can reach. VPNs, network segmentation, and discretionary access control models do not inherently grant blanket access with one password.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Single Sign-On (SSO)?
What are the security risks associated with SSO?
How does SSO issue tokens to applications?
A coworker identified a vulnerability in a third-party software solution hosted on-premises. The coworker is out sick and has asked you to remediate this issue as quickly as possible. You have found an official patch from the vendor's website. What is the NEXT procedural step you should take?
Submit a change request according to the company's change management process.
Install the patch immediately and inform affected users.
Begin monitoring for related incidents.
Start the incident response process.
Answer Description
Changes to production systems, even urgent security patches, must be documented and approved according to the organization's change management policy. This process, often initiated with a Change Request (CR) or Request for Change (RFC), ensures that changes are tested, scheduled, and have a backout plan, minimizing the risk of causing an operational outage. It is the proper first step before deploying any update.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is change management in IT?
Why is it important to follow change management processes before patching a vulnerability?
What is a Change Request or CR in change management?
An organization is assembling its enterprise risk register. Which of the following elements should be documented for each listed risk so the team receives an early warning when the likelihood or impact of that risk begins to increase?
Key Performance Indicator (KPI)
Key Risk Indicator (KRI)
Service-Level Agreement (SLA)
Memorandum of Understanding (MOU)
Answer Description
A Key Risk Indicator (KRI) is a forward-looking metric tied to a specific risk. Tracking KRIs inside, or in direct association with, the risk register allows risk owners to spot deteriorating trends and take action before the threat reaches an unacceptable level. Items such as service-level agreements, memoranda of understanding, or general performance metrics do not fulfill this early-warning function within the risk register.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Key Risk Indicator (KRI)?
How is a KRI different from a KPI?
Why are KRIs included in a risk register?
A company is revising its network security strategy to align with a Zero Trust model. Which of the following principles should be the foundational guideline for the company's revised approach to network security?
Encrypt all data at rest
Restrict user privileges based on roles
Never trust, always verify
Implement implicit trust zones within the network
Answer Description
The central tenet of Zero Trust is 'never trust, always verify'. Unlike traditional security models that operate on the assumption that everything inside the network perimeter is safe, the Zero Trust model treats all traffic as untrusted, requiring continuous verification of each request, regardless of whether it originates from inside or outside the organization's network. The other options listed, while relevant to security, do not embody the foundational guideline of the Zero Trust model. 'Restricting user privileges' is a part of the principle of least privilege, 'encrypting data at rest' is a data security measure, and 'implementing implicit trust zones' goes against the Zero Trust model which doesn't use implicit trust.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does Zero Trust treat internal traffic as untrusted?
How is 'least privilege' different from 'never trust, always verify'?
What technologies or methods help enforce the Zero Trust principle?
A company is revising its security monitoring strategies to enhance incident detection and response. Their current system is primarily manual, resulting in delayed identification and inconsistent reporting of suspicious activities. Which of the following is the BEST method to improve their incident reporting and monitoring process?
Expanding the in-house security team
Increasing the frequency of manual security audits
Implementing real-time automated monitoring and alerting systems
Conducting more comprehensive employee training sessions
Answer Description
Automated monitoring and alerting systems provide real-time detection of security events, which significantly reduce response times to potential incidents. By setting thresholds and parameters for normal network behavior, these systems can promptly identify and report suspicious activities, enabling quicker remediation. While all other options may contribute to effective security practices, automated alerting will most directly address the current delays and inconsistencies in incident detection and reporting, leading to improved security posture.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are automated monitoring and alerting systems?
How do automated systems compare to manual methods in incident detection?
What is a Security Information and Event Management (SIEM) system?
Encapsulating data within a secure tunneling protocol negates the need for encrypting the payload itself since encapsulation provides sufficient security measures.
True
False
Answer Description
This statement is false because while secure tunneling protocols such as VPNs can provide a layer of security by encapsulating the data, encryption of the payload itself is necessary to ensure that the data remains confidential and protected from unauthorized access if the tunnel is compromised. Additionally, encrypting the data adds an extra layer of security in the form of end-to-end encryption, which is not solely dependent on the security of the tunneling protocol.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a secure tunneling protocol?
Why is encrypting the payload important if secure tunneling is used?
What is end-to-end encryption and how does it complement tunneling protocols?
Which of the following is most effective in preventing an attacker from easily guessing or cracking a password?
Avoiding the use of special characters in the password
Increasing the number of characters in the password
Using a password without any numeric characters
Setting the password expiration to 90 days
Answer Description
Longer passwords are generally more secure because they increase the number of possible combinations, making brute-force attacks more difficult and time-consuming. Although password complexity and lack of password reuse are important, increasing length has the most significant impact on a password's strength against cracking attempts.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does increasing the number of characters in a password make it more secure?
How do brute-force attacks work, and why does password length matter in preventing them?
What is the role of password complexity compared to password length in ensuring security?
A company has implemented a centralized proxy to manage web traffic. Which of the following tasks would MOST effectively utilize the proxy to enhance the organization's security posture?
Inspecting and logging web traffic for analysis and compliance.
Configuring automatic backups of user data every 24 hours.
Allowing users to tunnel web traffic through SSH to enhance encryption.
Restricting all users' access to the control panel on their respective machines.
Answer Description
Inspecting and logging web traffic allows the centralized proxy to monitor and record all incoming and outgoing web traffic. This inspection aids in identifying suspicious activities, ensuring adherence to organizational policies, and providing valuable information for audits or investigations. Restricting users from accessing the control panel does not primarily utilize the features of a centralized proxy. While tunneling through SSH can encrypt traffic, it would bypass the centralized proxy's filtering and monitoring capabilities. Configuring backups is necessary for data preservation but does not employ the centralized proxy's functions in traffic management.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a centralized proxy?
How does inspecting and logging web traffic improve security?
Why tunneling web traffic through SSH can bypass proxy filtering?
An organization's server room entry is secured solely by numerical access codes, which has recently led to heightened concerns about the method's vulnerability to systematic guessing attempts. To increase the difficulty for perpetrators attempting to gain unauthorized entry, which enhancement should be taken?
Installing a biometric authentication system.
Enhancing video surveillance around the entry area.
Intermittent updates to numerical access codes.
Setting up an audible alert after multiple failed entry attempts.
Answer Description
Employing a biometric authentication system increases security by requiring personal physical attributes, making it significantly more resistant to systematic guessing and unauthorized entry compared to numerical access codes. Updating numerical access codes intermittently can temporarily prevent unauthorized access but does not inherently improve resistance against a focused attack. An audible alert after a set number of failed attempts might deter but not prevent an intruder who can still continue to attempt access. Video surveillance, although useful for monitoring and recording, does not in itself prevent unauthorized access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is biometric authentication more secure than numerical access codes?
What types of biometric authentication methods are commonly used?
What are some potential challenges in implementing a biometric security system?
Which of the following techniques involves replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security?
Tokenization
Encryption
Salting
Anonymization
Answer Description
Tokenization is the correct method for replacing sensitive data with a unique identifier that is not sensitive, known as a token, which has no extrinsic or exploitable meaning or value. The process allows businesses to work with the essential information without exposing sensitive data-enhancing security while minimizing the impact on systems that need to use the data. Encryption, in contrast, protects data by converting it into a coded format that can be decrypted only with a key, making it different from tokenization. Salting is used to enhance the security of a hashing process by adding a unique value to the end of the password before hashing occurs, thus providing no data obfuscation or replacement on its own. Anonymization is the process of removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous, which is a broader concept than tokenization and does not necessarily use a token to replace sensitive data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How is tokenization used to enhance data security?
What is the difference between encryption and tokenization?
What are some common use cases for tokenization?
Woo!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.